Certificate Manager service for increased security

Cloudera AI requires a wildcard certificate to support Cloudera AI workloads.

When workloads such as sessions, jobs, applications, and models are created, Cloudera AI generates random, unique subdomains. As these subdomains are not deterministic, a wildcard certificate is necessary to manage them effectively.

To address concerns about using wildcard certificates, Cloudera AI leverages the open-source service Certificate Manager. This approach enables you to use an automatic certificate signing service, known as an 'issuer'. Cloudera AI then relies on the Certificate Manager service to request certificates from your managed automatic signing service, ensuring a more secure and streamlined process.

A custom revocation service is in place to automatically revoke certificates for terminated workloads.